From: Karolin Seeger <kseeger@samba.org>
Date: Sun, 21 Dec 2008 08:15:17 +0000 (+0100)
Subject: WHATSNEW: Add "ldap ssl = start tls" to the release notes.
X-Git-Tag: samba-3.3.0~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b229fa21a185510e1a3689292f363516ba947b39;p=thirdparty%2Fsamba.git

WHATSNEW: Add "ldap ssl = start tls" to the release notes.

Karolin
(cherry picked from commit 9a94c466210097c852d7e049a57e5777dea6ad84)
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b5aac3ff654..76cb29d8de0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -13,6 +13,7 @@ Major enhancements in Samba 3.3.0 include:
  Configuration/installation:
  o Splitting of library directory into library directory and separate
    modules directory.
+ o The default value of "ldap ssl" has been changed to "start tls".
 
  File Serving:
  o Extended Cluster support.
@@ -45,6 +46,17 @@ A new option "--with-modulesdir" has been added to allow the specification
 of a separate directory for the shared modules.
 
 
+Configuration changes
+=====================
+
+The default value of "ldap ssl" has been changed to "start tls". This means,
+Samba will use the LDAPv3 StartTLS extended operation (RFC2830) for
+communicating with directory servers by default. If your directory servers
+do not support this extended operation, you will have to set
+"ldap ssl = no". Otherwise, Samba could not contact the directory servers
+anymore!
+
+
 Winbind idmap backend changes
 =============================
 
@@ -167,6 +179,7 @@ smb.conf changes
     idmap domains			Removed
     init logon delayed hosts		New		""
     init logon delay			New		100
+    ldap ssl				Changed Default	start tls
     winbind reconnect delay		New		30